Freedom of the Press Foundation
Show Navigation

Crossfire over messaging security

Martin Shelton
Dr. Martin Shelton

Principal Researcher

Illustration by Freedom of the Press Foundation. (CC BY 4.0)

It’s the Digital Security Training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone has shared this newsletter with you, please subscribe here.

In the news

Time for some security nerd drama, this time concerning the messaging apps Signal and Telegram. In recent weeks, Pavel Durov, the founder of messaging app Telegram, has been dialing up assertions on his competing platform about the security properties of the encrypted messaging app, Signal. Without evidence, Elon Musk, on his social platform X, also claimed there exist “known vulnerabilities” within the Signal app that are “not being addressed.”

Get Notified. Take Action.

Signal’s President Meredith Whittaker responded to these claims, suggesting “we don’t have evidence of extant vulnerabilities and haven’t been notified of anything,” and explained how security researchers can get in touch to help the team address any security issues if they are found.

Johns Hopkins cryptography professor Matthew Green explains that “the cryptography behind Signal (also used in WhatsApp and several other messengers) is open source and has been intensively reviewed by cryptographers. When it comes to cryptography, this is pretty much the gold standard.” By comparison, Telegram does not provide end-to-end encryption protection by default and only offers it as an option in one-on-one “Secret Chat” mode.

What you can do

  • For all of the reasons named in Green’s explainer above, our digital security training team often recommends Signal to journalists. Indeed, FPF served as fiscal sponsor of Signal until 2019.
  • Telegram enables large public channels that are not end-to-end encrypted, while Signal universally encrypts conversations for a more constrained group of people. These apps therefore serve very different purposes. The specific focus on private communications in groups of trusted people is one important reason we so often highlight Signal. Even with strong encryption, if you are sending messages to large groups of unknown people, all privacy bets are off. Read our guides to Signal for beginners and Locking down Signal.
  • To learn more about how to use a variety of other encrypted chat tools beyond Signal, check out our guides to secure communication.

Our team is always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.

Best,
Martin

Donate to support press freedom

Your support is more important than ever.
Donate now

Read more about Digital Security Digest

1721934156108

Google backtracks on ad privacy plan

Google has a habit of hitting the brakes on products and features — so much so that it’s become something of a meme to be “killed by Google.” This time it decided to backtrack on its long-standing plan to replace traditional tracking in its Chrome browser.

1721771988326

Beware fraudulent CrowdStrike emails

Last Friday, computer systems worldwide were taken down by a defective update from enterprise cybersecurity vendor CrowdStrike. In the wake of the outage, the U.S. Cybersecurity and Infrastructure Agency is warning of phishing emails, with attackers posing as CrowdStrike customer support.

1721233510231

What to do about AT&T breach

Around 110 million AT&T subscribers were affected by a data breach from May 1 to Oct. 31, 2022, TechCrunch reported.

More posts